summaryrefslogtreecommitdiffstats
path: root/recipes/ca-certificates
diff options
context:
space:
mode:
Diffstat (limited to 'recipes/ca-certificates')
-rw-r--r--recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch30
-rw-r--r--recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch46
-rw-r--r--recipes/ca-certificates/ca-certificates/default-sysroot.patch50
-rw-r--r--recipes/ca-certificates/ca-certificates/sbindir.patch20
-rw-r--r--recipes/ca-certificates/ca-certificates_20150426.bb80
5 files changed, 226 insertions, 0 deletions
diff --git a/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
new file mode 100644
index 0000000..4b4b287
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -0,0 +1,30 @@
1ca-certificates is a package from Debian, but some host distros such as Fedora
2have a leaner run-parts provided by cron which doesn't support --verbose or the
3 -- separator between arguments and paths.
4
5This solves errors such as
6
7| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
8| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
9
10Upstream-Status: Inappropriate
11Signed-off-by: Ross Burton <ross.burton@intel.com>
12---
13 sbin/update-ca-certificates | 4 +---
14 1 file changed, 1 insertion(+), 3 deletions(-)
15
16Index: git/sbin/update-ca-certificates
17===================================================================
18--- git.orig/sbin/update-ca-certificates
19+++ git/sbin/update-ca-certificates
20@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
21 then
22
23 echo "Running hooks in $HOOKSDIR..."
24- VERBOSE_ARG=
25- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
26- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
27+ eval run-parts --test -- "$HOOKSDIR" | while read hook
28 do
29 ( cat "$ADDED"
30 cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
diff --git a/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
new file mode 100644
index 0000000..792b403
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
@@ -0,0 +1,46 @@
1Upstream-Status: Pending
2
3From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
4From: Andreas Oberritter <obi@opendreambox.org>
5Date: Tue, 19 Mar 2013 17:14:33 +0100
6Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
7
8Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
9---
10 sbin/update-ca-certificates | 14 +++++++-------
11 1 file changed, 7 insertions(+), 7 deletions(-)
12
13Index: git/sbin/update-ca-certificates
14===================================================================
15--- git.orig/sbin/update-ca-certificates
16+++ git/sbin/update-ca-certificates
17@@ -24,12 +24,12 @@
18 verbose=0
19 fresh=0
20 default=0
21-CERTSCONF=/etc/ca-certificates.conf
22-CERTSDIR=/usr/share/ca-certificates
23-LOCALCERTSDIR=/usr/local/share/ca-certificates
24+CERTSCONF=$SYSROOT/etc/ca-certificates.conf
25+CERTSDIR=$SYSROOT/usr/share/ca-certificates
26+LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
27 CERTBUNDLE=ca-certificates.crt
28-ETCCERTSDIR=/etc/ssl/certs
29-HOOKSDIR=/etc/ca-certificates/update.d
30+ETCCERTSDIR=$SYSROOT/etc/ssl/certs
31+HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
32
33 while [ $# -gt 0 ];
34 do
35@@ -92,9 +92,9 @@ add() {
36 PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
37 -e 's/[()]/=/g' \
38 -e 's/,/_/g').pem"
39- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
40+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
41 then
42- ln -sf "$CERT" "$PEM"
43+ ln -sf "${CERT##$SYSROOT}" "$PEM"
44 echo "+$PEM" >> "$ADDED"
45 fi
46 # Add trailing newline to certificate, if it is missing (#635570)
diff --git a/recipes/ca-certificates/ca-certificates/default-sysroot.patch b/recipes/ca-certificates/ca-certificates/default-sysroot.patch
new file mode 100644
index 0000000..f8b0791
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/default-sysroot.patch
@@ -0,0 +1,50 @@
1Upstream-Status: Pending
2
3update-ca-certificates: find SYSROOT relative to its own location
4
5This makes the script relocatable.
6
7Index: git/sbin/update-ca-certificates
8===================================================================
9--- git.orig/sbin/update-ca-certificates
10+++ git/sbin/update-ca-certificates
11@@ -66,6 +66,39 @@ do
12 shift
13 done
14
15+if [ -z "$SYSROOT" ]; then
16+ local_which () {
17+ if [ $# -lt 1 ]; then
18+ return 1
19+ fi
20+
21+ (
22+ IFS=:
23+ for entry in $PATH; do
24+ if [ -x "$entry/$1" ]; then
25+ echo "$entry/$1"
26+ exit 0
27+ fi
28+ done
29+ exit 1
30+ )
31+ }
32+
33+ case "$0" in
34+ */*)
35+ sbindir=$(cd ${0%/*} && pwd)
36+ ;;
37+ *)
38+ sbindir=$(cd $(dirname $(local_which $0)) && pwd)
39+ ;;
40+ esac
41+ prefix=${sbindir%/*}
42+ SYSROOT=${prefix%/*}
43+ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
44+ SYSROOT=
45+ fi
46+fi
47+
48 if [ ! -s "$CERTSCONF" ]
49 then
50 fresh=1
diff --git a/recipes/ca-certificates/ca-certificates/sbindir.patch b/recipes/ca-certificates/ca-certificates/sbindir.patch
new file mode 100644
index 0000000..a113fa8
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/sbindir.patch
@@ -0,0 +1,20 @@
1Upstream-Status: Pending
2
3Let us alter the install destination of the script via SBINDIR
4
5--- ca-certificates-20130119.orig/sbin/Makefile
6+++ ca-certificates-20130119/sbin/Makefile
7@@ -3,9 +3,12 @@
8 #
9 #
10
11+SBINDIR = /usr/sbin
12+
13 all:
14
15 clean:
16
17 install:
18- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
19+ install -d $(DESTDIR)$(SBINDIR)
20+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/
diff --git a/recipes/ca-certificates/ca-certificates_20150426.bb b/recipes/ca-certificates/ca-certificates_20150426.bb
new file mode 100644
index 0000000..716e3df
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates_20150426.bb
@@ -0,0 +1,80 @@
1SUMMARY = "Common CA certificates"
2DESCRIPTION = "This package includes PEM files of CA certificates to allow \
3SSL-based applications to check for the authenticity of SSL connections. \
4This derived from Debian's CA Certificates."
5HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
6SECTION = "misc"
7LICENSE = "GPL-2.0+ & MPL-2.0"
8LIC_FILES_CHKSUM = "file://debian/copyright;md5=48d2baf97986999e776b43c8dd9e0c5a"
9
10# This is needed to ensure we can run the postinst at image creation time
11DEPENDS = "ca-certificates-native"
12DEPENDS_class-native = ""
13
14# tag: debian/20150426 + 2
15SRCREV = "d4790d2832aaac9152f450e06661511067592227"
16
17SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \
18 file://0001-update-ca-certificates-remove-c-rehash.patch \
19 file://0002-update-ca-certificates-use-SYSROOT.patch \
20 file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
21 file://default-sysroot.patch \
22 file://sbindir.patch"
23
24S = "${WORKDIR}/git"
25
26inherit allarch
27
28EXTRA_OEMAKE = "\
29 'CERTSDIR=${datadir}/ca-certificates' \
30 'SBINDIR=${sbindir}' \
31"
32
33do_compile_prepend() {
34 oe_runmake clean
35}
36
37do_install () {
38 install -d ${D}${datadir}/ca-certificates \
39 ${D}${sysconfdir}/ssl/certs \
40 ${D}${sysconfdir}/ca-certificates/update.d
41 oe_runmake 'DESTDIR=${D}' install
42
43 install -d ${D}${mandir}/man8
44 install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
45
46 install -d ${D}${sysconfdir}
47 {
48 echo "# Lines starting with # will be ignored"
49 echo "# Lines starting with ! will remove certificate on next update"
50 echo "#"
51 find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
52 sed 's,^${D}${datadir}/ca-certificates/,,'
53 } >${D}${sysconfdir}/ca-certificates.conf
54}
55
56do_install_append_class-target () {
57 sed -i -e 's,/etc/,${sysconfdir}/,' \
58 -e 's,/usr/share/,${datadir}/,' \
59 -e 's,/usr/local,${prefix}/local,' \
60 ${D}${sbindir}/update-ca-certificates \
61 ${D}${mandir}/man8/update-ca-certificates.8
62}
63
64pkg_postinst_${PN} () {
65 SYSROOT="$D" update-ca-certificates
66}
67
68CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
69
70# Postinsts don't seem to be run for nativesdk packages when populating SDKs.
71CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
72do_install_append_class-nativesdk () {
73 SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates
74}
75
76do_install_append_class-native () {
77 SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
78}
79
80BBCLASSEXTEND += "native nativesdk"